Category Archives: Data Security

Last Friday, Fiat Chrysler announced the recall of 1.4 million vehicles to fix security vulnerabilities, further highlighting the importance of properly addressing cybersecurity issues created by the use of connected devices. The recall follows an article published last Tuesday by Wired magazine which described methods used by security researchers to remotely access a Jeep Cherokee,… Continue Reading

Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems may proceed with their proposed class action lawsuit against the retailer, a federal appeals court ruled Monday. Neiman Marcus discovered in December 2013 that some of its customers had found fraudulent charges on their credit cards,… Continue Reading

In a consent decree adopted yesterday by the Federal Communications Commission, two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — agreed to pay a $3.5 million civil penalty and adhere to a three-year compliance program to settle allegations that the carriers violated the federal Communications Act by failing to adequately protect “proprietary information”… Continue Reading

The Senate Judiciary Committee today held a hearing about the increased challenges that encryption poses for law enforcement. Government officials testified that advances in encryption technology make it more difficult for them to monitor communications, but there was little indication that lawmakers are prepared to require technology providers to ensure that law enforcement has backdoor… Continue Reading

As part of its ongoing outreach efforts to educate businesses about the importance of data security practices, the FTC has released a list of “10 practical lessons” drawn from its previous data security enforcement actions. The list, entitled “Start with Security: A Guide for Business,” acknowledged that the FTC’s 50-plus data security enforcement actions are… Continue Reading

Last week, both Connecticut and Oregon amended their respective data security and breach notification laws, which will now impose stricter requirements on entities that store or process personally identifiable information (“PII”) or health-related information. A full analysis of each bill is below.

Next week we expect to find out if the Council of the EU will finally agree (“adopt a general approach”) on its version of the proposed General Data Protection Regulation (GDPR). Progress with a “little brother” of the GDPR – namely the proposed Network and Information Security (NIS) Directive, tagged the Cybersecurity Directive – continues in parallel. Before… Continue Reading

On Monday, the 2015 G-7 Summit ended with the President and other Leaders of the G-7 focused generally on a wide range of economic, security, and development issues, and specifically discussing the energy sector’s cybersecurity posture. According to the White House, the Leaders “launched a new cooperative effort to enhance cybersecurity of the energy sector… Continue Reading

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention. The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier. In parallel, the French data protection authority announced… Continue Reading

On May 26th, 2015, the Dutch Senate passed a new law (“the Law”) (legislative proposal, as adopted, is accessible here), which introduces an obligation to notify the Dutch DPA ‘without delay’ in case of a data breach. The law also broadens the powers of the Dutch DPA, enabling it to impose significantly higher fines for… Continue Reading

Yesterday, the FTC published a blog post outlining what companies should expect if they find themselves the subject of an FTC data security investigation. In addition to highlighting the different phases of the FTC’s investigative process, the FTC discussed the types of information that it seeks as well as the questions it wants answered. … Continue Reading

The Department of Justice (“DoJ”) recently issued new guidance for organizations on what it believes are best practices for managing cyber security incidents. As described further below, the guidance provides a broad overview on recommended steps to take to minimize the risk of an incident, as well as actions to take and avoid in the… Continue Reading

Earlier this week, an information-sharing bill and a data breach bill passed through committee votes in the House, setting the stage for potentially significant legislative action on key cybersecurity issues in the near future. On Tuesday, the House Homeland Security Committee approved the National Cybersecurity Protection Advancement Act by a unanimous voice vote, following a… Continue Reading

This week, the Medical Identity Fraud Alliance (“MIFA”) released its 2014 Fifth Annual Study on Medical Identity Theft, finding that in the last year, medical identity theft incidents increased by 21.7% from 2013. The study is annually conducted to determine the pervasiveness of medical identity theft in the United States, how it affects the lives… Continue Reading

By Caleb Skeath

During the White House’s inaugural Summit on Cybersecurity and Consumer Protection last Friday, President Obama signed an executive order designed to facilitate increased information sharing between the private sector and the federal government. The order follows the introduction of the Cyber Threat Sharing Act of 2015 in the Senate, an information-sharing bill… Continue Reading

By Caleb Skeath

Earlier this week, the Senate Committee on Homeland Security and Governmental Affairs held its first hearing of the new Congress, entitled “Protecting America from Cyber Attacks: The Importance of Information Sharing.” The hearing focused in large part on the White House’s recent information sharing proposal, which would protect private entities from civil… Continue Reading

On the heels of a number of well-publicized data security breaches, a White House data breach proposal, and California’s recent changes to its data breach notification statute, New York Attorney General Eric Schneiderman has announced that he will propose legislation to strengthen New York’s data breach notification law. The legislation had not been made public… Continue Reading

On Tuesday, President Obama announced his proposal for legislation that would encourage sharing of cyber threat information between the public and private sector by shielding private entities from liability for sharing information on cyber threats. The White House has since released the text of the proposed bill, which includes limitations on liability for private entities… Continue Reading

On Monday, President Obama announced his proposal of the Personal Data Notification & Protection Act, which would set nationwide rules for data breach notifications and preempt the patchwork of state breach notification laws. The White House has since released the text of the nine-page bill. Below is an overview of the key provisions of the… Continue Reading

The Department of Energy and the Federal Smart Grid Task Force released the final version of a Voluntary Code of Conduct (VCC) for smart grid data privacy on Monday, several hours after President Obama heralded the release of the VCC as part of his speech on privacy and cybersecurity at the Federal Trade Commission. The… Continue Reading

President Obama plans to continue his focus on privacy and data security today with an announcement of cybersecurity-related proposals. In remarks scheduled for later today at the National Cybersecurity Communications Integration Center (NCCIC), President Obama will announce an updated cybersecurity legislative proposal, which would encourage the private sector to quickly share cyberthreat information with NCCIC. … Continue Reading

At a speech to the Federal Trade Commission today, President Obama will announce a number of cybersecurity and privacy proposals. In a statement released this morning, the White House noted that consumer concerns about cybersecurity threats and identity theft “can lead to less interaction with technology, less innovation, and a less productive economy.”

Please note that this event, originally scheduled for December 10, is being rescheduled for February 2015 – date TBC.

Covington’s London office will be hosting a breakfast seminar for clients on ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’ with The Chertoff Group.

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors. Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition –… Continue Reading